mirai | b7e0108ab55109422264d03bf536998c9a05d021628ceec045d0d5613263fc26 | Triage

Sharing

General

Target

FederalmipsAgent.elf
Size

100KB
Sample

250319-aq45lazvcw
MD5

94425eb9ce80b6f6d216e15564a86f08
SHA1

b2651ddf5752084b58ef3a577b431c0cef1ad3aa
SHA256

b7e0108ab55109422264d03bf536998c9a05d021628ceec045d0d5613263fc26
SHA512

2197013f91b8a8bd736b688241d739c66e82eb4c26a70f28086f957cb8542d8251201c5f0d67748fd44da6b5641abeb87644c424937df87193304a18de92caee
SSDEEP

1536:WR8nvpusosRJPPdFLla+KEHMlZXTZjuoWIAOjil33Ge83F7410ZLA:3nrogpPfKzlZXTZjfWIAOjil33qF4gk

Score

10^/10

mirai demons discovery

Malware Config

Extracted

Family

mirai

Botnet

DEMONS

Targets

- Target
  
  FederalmipsAgent.elf
- Size
  
  100KB
- MD5
  
  94425eb9ce80b6f6d216e15564a86f08
- SHA1
  
  b2651ddf5752084b58ef3a577b431c0cef1ad3aa
- SHA256
  
  b7e0108ab55109422264d03bf536998c9a05d021628ceec045d0d5613263fc26
- SHA512
  
  2197013f91b8a8bd736b688241d739c66e82eb4c26a70f28086f957cb8542d8251201c5f0d67748fd44da6b5641abeb87644c424937df87193304a18de92caee
- SSDEEP
  
  1536:WR8nvpusosRJPPdFLla+KEHMlZXTZjuoWIAOjil33Ge83F7410ZLA:3nrogpPfKzlZXTZjfWIAOjil33qF4gk
Score

6^/10

discovery
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1